V4:
- Clear address cache info after a full cf8/cfc access
- Add NULL pointer checking when calling init/deinit ops
V3:
- Do not use ASSERT
- Loop through the vdev list defined in vm_desctiption table to call the vdev init/unit functions
- Make the cached vbdf info struct per vm instead of per pcpu
V2:
- Fixed MISRA violations
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
If SOS start from 64bit mode, it will use the page table
created by bootloader or BIOS. HV doesn't need to create
page table for it.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, VM0 BSP start mode is hardcoded, in this patch VM0 BSP
start mode is decided by the boot context prepared by bootloader/BIOS.
In current code, VM0 BSP VMCS is override only on UEFI platform.
In this patch, VM0 BSP VMCS is override on both SBL & UEFI platforms.
Also restructure the code of guest init code.
In this patch, a vcpu run_context is initilaized first according to vcpu mode.
Then write the value to vmcs according to run_context value.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The structures defined in acrn_efi.h is x86 related, move it
to acrh/x86/guest/.
Also, the headfile will be used on both SBL & UEFI platforms,
rename it to vm0_boot.h
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
New field in VM's structure:
sworld_snapshot: save cpu_context of secure world.
New hypercall: HC_SAVE_RESTORE_SWORLD_CTX
In UOS S3 suspend path: trusty kernel driver will call this hypercall
to require Hypervisor save context of secure world.
In UOS S3 resume path: virtual firmware will call this hypercall to
require Hypervisor restore context of secure world.
New bit in secure_world_control.flag:
ctx_saved: indicate whether cpu_context of secure world is saved.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Define Bitmap flag to indicate secure world's state:
supported: 0(not supported), 1(supported)
active: 0(inactive), 1(active)
Refine secure_world_memory:
base_gpa_in_sos: base_gpa from SOS's view
base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
allocated by bootloader.
Recording above GPA is for usage of trusty EPT destroy and re-create.
There is an assumption: the secure world's memory address is contiguous
in both SOS and physical side.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partitioning mode boots multiple OS. Adding code to parse
VM description structure and a reference description structure for
booting 2 OSes.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not reasonable to use push/pop against mmio. So we remove
the push/pop emulation.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We inject invalid opcode if instruction decode fails.
We don't support many instruction. If new type guest hit
the invalid opcode and it's necessary to emulate that
instruction, we could add new instruction then.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The DPL from SS access right field is always correct according
to SDM. We use it instead of using CS selector.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When doing copy_to/from_gva, it's possible the guest no page
happens on none-first page. In this case, we need get correct
fault address from gva2gpa.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
This patch add some comments after the default and before the break
in the switch statement based on MISRA-C requirement.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Added prepare_vm function as a wrapper function on top of prepare_vm0.
This makes adding support for partition mode ACRN to boot multiple
VMs from HV cleaner.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
vm_update_register calls vm_get/set_register to update register and vm_update_rflags
calls vm_update_register to update RFLAGS.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vm_update_register/rflags as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vie_read/write_bytereg call vm_get/set_register to get/set byteregs.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vie_read/write_bytereg as non-failed function too.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_set/get_register return -EINVAL when "vcpu == NULL" or reg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid reg in current implementation.
This patch add pre-assumptions about valid parameters before the function and make
them as non-failed functions.
- static uint64_t vm_get_register(struct vcpu *vcpu, enum cpu_reg_name reg)
- static void vm_set_register(struct vcpu *vcpu, enum cpu_reg_name reg, uint64_t val)
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_get_seg_desc return -EINVAL when "vcpu == NULL" or seg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid seg in current implementation.
This patch adds pre-assumptions and makes the function as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch just removes some dead codes related to Instruction Emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, there is cross-references between instr_emul.h and instr_emul_wrapper.h.
User must include both of them when calling instruction emulation functions. This
will raise up some confusion and inconvenience.
So we rearrange the logic of instruction emulation code as following:
- External API -- defined in instr_emul.h
* decode_instruction(struct vcpu *vcpu)
* emulate_instruction(struct vcpu *vcpu)
- Make all other functions as static in instr_emul.c
- Remove instr_emul_wrapper.c/h
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
ASSERT is too strict for HV when error happens during emulating instruction.
This patch remove all ASSERT and return a negative error code when failing to
emulate instruction.
Originally, getcc will return -EINVAL when opsize are not one of (1, 2, 4, 8).
But theoretically, opsize in current implementation can only be one of (1, 2, 4, 8).
So, we will always get valid "cc".
This patch add a pre-assumption and make sure that getcc always return valid value.
For the current code, #GP will be injected to guest if something goes wrong with
instruction emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
There are so many __unused prefix spaning the emulate_xxx functions. This patch
unify the parameters of emulate_xxx to avoid it.
- All emulate_xxx functions are defined as emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie)
or emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie, struct vm_guest_paging *paging).
- Move mmio_read/write to instr_emul.c and call them directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
move most of fields from run_context into ext_context for world switch.
these fields do not need doing runtime save/restore during vm exit/entry.
v3:
- update cr0/cr4 registers switch method
v2:
- use struct name ext_context instead of saved_context
- updated according to previous v2 patch
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there will be 3 types of vcpu runtime contexts:
- runtime contexts always saved/restored during VM exit/entry, which
include general registers rax/rcx/rdx/rbx/rbp/rsi/rdi/r8~r15, cr2 and
msr for spectre control (ia32_spec_ctrl)
- runtime contexts on-demand cached/updated during VM exit/entry, which
include frequently used registers rsp, rip, efer, rflags, cr0 and cr4
- runtime contexts always read/write from/to VMCS, which include left
registers not in above
this patch add get/set register APIs for vcpu runtime contexts, and unified
the save/restore method for them according to above description.
v3:
- update vcpu_get/set_cr0/4 as unified interface to get/set guest cr0/cr4,
use on-demand cache for reading, but always write to VMCS for writing.
v2:
- use reg_cached/reg_updated for on-demand runtime contexts
- always read/write cr3 from/to VMCS
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter name mismatch between API declaration and definition.
v2 -> v3:
* Fix two more violations which are missed in previous report.
shell_puts and console_write
v1 -> v2:
* Replace 'ret_desc' with 'desc'
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In some special scenarios, the LAPIC somehow hasn't send EOI to IOAPIC
which cause the Remote IRR bit can't be clear. To clear it, some OSes
will use EOI Register to clear it for 0x20 version IOAPIC, otherwise
use switch Trigger Mode to Edge Sensitive to clear it.
This patch emulate this IOAPIC behavior to satisfy this requirement.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The IOAPIC specification defined EOI register for 0x20 version. The
original vioapic code implemented this register but the version was
still export as 0x11.
Tried to set 0x20, the Linux kernel has't access this EOI register,
still rely on lapic to send eoi.
From Linux ioapic driver comments, it says that only send EOI via EOI
register when met IOAPIC hardware bug.
This patch removes all 0x20 IOAPIC code to reduce the code size.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
To make vioapic simpler, avoid lots of code to convert variable type
between uint8_t and uint32_t.
This patch changes all variable type of pin related variables to
uint32_t instead of original uint_8.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
During ioapic reset, some registers need to be set to the default value
which defined in ioapic spec.
So far, the vioapic function only be called by ioapic itself in
ioapic_init. And just invoked after calloc the vioapic object, so all
the content are already set to zero. But this vioapic_reset function be
exported as one API which maybe invoked by other scenarios in future.
So this patch resolves this potential issue.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The APIC ID field should be bit 24:27 in IOAPIC Identification register.
The bits 28:31 are reserved bits which need to be avoid touched.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For level sensitive trigger mode, the vioapic should not deliver extra
interrupt to vlapic if the previous one hasn't received EOI.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Merge multiple if to switch-case. And set 0xFFFFFFFFU as the default
value of undefined address.
And the IOREGSEL register only bits 7:0 are defined, so mask the other
bits for read operation.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1, Remove vioapic_mmio_read/vioapic_mmio_write, and combine them to
vioapic_mmio_rw.
2, The vioapic_read/write are used for emulate the ioapic indirect
access logic. So change their name with vioapic_indirect as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Remove structure vm_attr
Wrap two APIs alloc_vm_id and free_vm_id
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
one/two_byte_opcodes is indexed by op_byte. So vie_op->op_byte is unnecessary.
This patch remove it and add a new variable opcode to instr_emul_vie.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are size2mask array to convert addsize to corresponding mask and function
vie_size2mask doing the same thing except validation check of addrsize.
Theoretically, addrsize can only be one of (1, 2, 4, 8). So, the check of addrsize
is unnecessary.
This patch remove vie_size2mask and use size2maks directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We have vm_set/get_register here. There is no need to wrap the function with
vie_read_register.
This patch remove it.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
In order to comply with MISRA C rules, renamed vairables
and function names starting with "_".
The major changes invloves mostly static function
names, as they are being called inside the same file
by a wrapper function.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Change this API to void type
Add pre-condition, state the input parameters are not NULL.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
And export the API to DM. DM will do system reboot/S3 resume based
on this API.
Also add the pre-assumption description for some vm APIs.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the C99 standard, the order of evaluation associated with
multiple #, multiple ## or a mix of # and ## preprocessor
operator is unspecified. For this case, gcc 7.3.0 manual
does not specify related implementation. So it is unsafe
to use multiple # or ## in a macro.
BTW, there are some macros with one or more "##" which are
not used by hypervisor.
Update relate codes to avoid using multiple # or ## in a macro;
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Note:
'##' operator usage constraints: A ## preprocessing token shall
not occur at the beginning or at the end of a replacement list
for either form of macro definition.
V1--V2:
Update relate codes to avoid using multiple # or ## in a macro.
V2-->V3:
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Fix integer related violations.
V1->V2:
clean all memset/calloc integer violations excpet bsp/boot directory
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we don't support resume VM in HC API, the real meaning
of the code is to start VM.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For data structure types "enum vpic_wire_mode, struct stack_canary",
its name is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis tool.
For variables "segment_override, pde_index", its name is identical
with function name. This MISRA C violation is detected.
Naming convention rule:Variable name can be shortened from
its data structure type name.
The following udpates are made:
enum vpic_wire_mode vpic_wire_mode-->enum vpic_wire_mode wire_mode
struct stack_canary stack_canary-->struct stack_canary stk_canary
uint8_t segment_override:1 --> uint8_t seg_override:1
uint32_t pde_index--> uint32_t pde_idx
V1-->V2:
Remove update "enum cpu_state cpu_state-->enum cpu_state state"
and "enum irqstate irqstate-->enum irq_ops_mode ops_mode", other
patch will cover it.
V2-->V3:
Update "uint32_t pde_index--> uint32_t pde_idx".
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For some function pointer type, its name is identical with
variable name in the same scope. This MISRA C violation is
detected.
Naming convention rule:If the type is function
pointer, its name needs suffix "_fn".
The following udpates are made:
*apicv_set_intr_ready-->*apicv_set_intr_ready_fn
*apicv_pending_intr-->*apicv_pending_intr_fn
*apicv_set_tmr-->*apicv_set_tmr_fn
*apicv_batch_set_tmr-->*apicv_batch_set_tmr_fn
*apicv_intr_accepted-->*apicv_intr_accepted_fn
*apicv_post_intr-->*apicv_post_intr_fn
*enable_x2apic_mode-->*enable_x2apic_mode_fn
V1-->V2:
Update function pointer when it is used as calling
since no need to dereference a function pointer
before calling.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
